- 26 - 



WHAT IS CLAIMED IS: 

1. A method for testing a network system by 
controlling, by a data controller in a network device, 
communication data transferred between an external device 
connected to the network device via a network and a 
plurality of virtual machines in the network device, 
comprising : 

a reception step of receiving the communication data; 

a judgment step of judging whether the received 
communication data coincides with the condition by referring 
to a test access control list whitch defines association 
between a condition cocerning an attribute of the 
communication data and an action serving as a process of 
permitting or rejecting communication of the communication 
data; and 

an execution step of executing, when it is judged in 
the judgment step that the communication data coincides with 
the condition, the process serving as the action in the test 
access control list. 

2. A method for testing a network system according to 
claim 1, wherein the condition concerning the attribute of 
the communication data includes address information for 
identifying the location on the network of the external 



device or the network device serving as a transmitter or a 
receiver of the communication data, and 

the judgment step includes judgment of whether address 
information included in the received communication data 
coincides with the condition concerning the attribute of the 
communication data . 

3. A method for testing a network system according to 
claim 1, further comprising an addition step of adding, to 
the received communication data, a necessary attribute for 
judging whether the communication data coincides with the 
condition in the judgment step. 

4. A computer-readable medium encoded with a network- 
system testing program for causing a computer to operate as 
a network device controlling communication data transferred 
between external devices interconnected via a network, the 
program causing the computer to perform a process 
comprising : 

a reception step of receiving communication data 
transmitted from one of the external devices or 
communication data transmitted from a virtual machine in the 
network device; 

a judgment step of judging whether the received 
communication data coincides with the condition by referring 



- 28 - 

to a test access control list whitch defines association 
between a condition cocerning an attribute of the 
communication data and an action serving as a process of 
permitting or rejecting communication of the communication 
data; and 

an execution step of executing, when it is judged in 
the judgment step that the communication data coincides with 
the condition, the process serving as the action in the test 
access control list . 

5. A computer-readable medium encoded with a network- 
system testing program according to claim 4, wherein the 
condition concerning the attribute of the communication data 
includes address information for identifying the location on 
the network of the external device or the network device 
serving as a transmitter or a receiver of the communication 
data, and 

wherein the judgment step includes judgment of whether 
address information included in the received communication 
data coincides with the condition of the attribute of the 
communication data. 

6. A computer-readable medium encoded with a network- 
system testing program according to claim 4, the program 
further comprising : 
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an attribute adding step of adding, to the received 
communication data, a necessary attribute for judging 
whether the communication data coincides with the condition 
in the judgment step. 

7. A network-system testing apparatus for controlling 
communication data transferred between external devices 
interconnected via a network, comprising: 

reception means for receiving communication data 
transmitted from one of the external devices or 
communication data transmitted from a virtual machine in the 
network device; 

a test access control list whitch defines association 
between a condition cocerning an attribute of the 
communication data and an action serving as a process of 
permitting or rejecting communication of the communication 
data when the communication data coincides with the 
condition; 

judgment means for judging, by referring to the test 
access control list, whether the received communication data 
coincides with the condition; and 

execution means for executing the action in the test 
access control list when it is judged by the judgment means 
that the communication data coincides with the condition. 
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8. A network-system testing apparatus according to 
claim 7, wherein the condition concerning the attribute (s) 
of the communication data includes address information for 
identifying the location on the network of the external 
device or the network device serving as a transmitter or a 
receiver of the communication d&ta, and 

the judgment means judges whether address information 
included in the received communication data coincides with 
the condition concerning the attribute (s) of the 
communication data. 

9. A network-system testing apparatus according to 
claim 7, further comprising attribute adding means for 
adding, to the received communication data, a necessary 
attribute for judging, by the judgment means, whether the 
communication data coincides with the condition. 



